Director, Information Security
Company: Highland Capital Europe
Location: Washington
Posted on: April 18, 2024
Job Description:
At Zwift IT, we are constantly improving our security posture.
Currently, we are looking for a Director, Information Security to
be a key member of the IT Leadership Team. This role is critical
to leading and transforming our security programs to keep up with
the threat landscape and partnering across Zwift in this
critical area. The candidate is expected to have broad practical
implementation knowledge of designing and running information
security programs, building and scaling large security
capabilities, and working across organizational boundaries and with
executive leadership to shape the security strategy to ensure our
promises to customers in every interaction. The Director of
Information Security will drive and support the security policies,
practices, procedures, and technologies required to ensure the
protection of our networks, systems, applications, data, and
products. S/he will ensure operational risk management efficiencies
are achieved across the enterprise and will develop, document, and
operate controls maximizing risk mitigation, which are compliant
with target industry regulations including ISO27K/NIST CSF, PCI
DSS, SOX, GDPR, and CCPA. To be successful, you are not only great
at defining a vision but equally great at executing that
vision. This position will report directly to the Vice President of
Information Technology.

What you'll do:
- Establishes and maintains the Enterprise Security vision,
strategy, and program to ensure information assets and technologies
are adequately protected
- Provides leadership to develop and execute an enterprise
information security strategy and roadmap. Aligns with enterprise
business strategy, gains executive approval and support, and
oversees the successful execution
- Works with Zwift development and infrastructure teams to
identify and remediate application and infrastructure-related
vulnerabilities through findings and remediations
- Develops and employs an ongoing information security
communications, training, and awareness program tailored to the
evolving needs of the business and the specific requirements of
various user groups.
- Ensures Identity and Access reviews are performed periodically
and follows through on findings and remediations
- Defines Objectives and Key Results (OKRs), strategic risk
indicators, and metrics/scorecards to understand current health and
drive insights into future focus areas for the team before issues
occur/risks are realized.
- Prepares, maintains, and communicates security procedures and
documentation including incident response procedures
- Collaborates cross-functionally, including with engineering,
legal, product, and IT teams, to build and strengthen information
security and privacy across our service and infrastructure
- Responsible for security operations, including threat
prevention, detection, and incident response strategy to include a
formalized incident response process, declaring security incidents,
coordinating and assisting in the investigation of potential
incidents, assisting in the recovery from attacks, coordinating
with legal, compliance, and other stakeholders, law enforcement
agencies (where applicable), and developing the post-response
control strategy
- Works closely with and provides technical expertise to
compliance, business units, and supporting departments in the
implementation, certification, and maintenance of compliance
standards (E.g., NIST CSF/800-171/CMMC, ISO 27001/ISO27701, SOX,
PCI/DSS, GDPR, CCPA, etc.)
- Develops, trains, and mentors the Information Security team to
grow their technical and professional capabilities

What you'll have:
- Bachelor's degree in Computer Science, Information Systems,
Engineering, or related technical field
- 8+ years of experience in a combination of information
technology & security and IT risk management
- 8+ years of leadership experience in information security
policy, standards, architecture, technology, and programs
- Experience with multiple Information Security domains, such as
Infrastructure Vulnerability, Data Loss Prevention, End User
Security, Network Security, Internet Security, Application
Security, Cloud Security (AWS), Identity & Access Management,
etc.
- Experience with security products from a variety of vendors
(firewalls, intrusion detection systems, vulnerability scanners,
multi-factor/strong authentication technologies, SIEM, CASB,
logging, penetration testing software, etc.)
- Knowledge and understanding of relevant legal and regulatory
requirements, such as GDPR, SOX, PCI/DSS, ISO/IEC 27001, and NIST
security principles
- Proven and demonstrated successful experience delivering
results in the following areas of IT Security: Identity and Access
Management (IM), Application, Cloud and Data Security, Information
Governance Risk & Compliance (GRC), Security Operations
- Must have a track record of developing and implementing a
comprehensive strategy and plan for managing information
security
- Exceptional program and project management skills
- Strong written/oral communication skills required along with
the desire and ability to communicate with business leaders at all
levels of the organization
- Strong analytical and problem-solving skills
- One or more relevant certifications preferred (CISSP, CCSP,
CISA, or CISM)
- Cloud Engineering or Security Certification preferred - AWS
Certified DevOps Engineer, AWS Certified Security, or similar
certifications
- Experience with Docker, Open Container Initiative, Kubernetes,
or similar is a big plus.

The base salary for this position ranges from $203,000 to $280,000.
The base salary will be based on a number of factors including the
role offered, the individual's job-related knowledge, skills,
qualifications, and geographic location. In addition to base salary,
Zwift is proud to offer a comprehensive and competitive benefits
package for all eligible employees which also includes performance
bonuses, equity, and a full range of medical, financial, and other
perks and benefits.

How to stand out among the rest: Your resume/CV is enough to show off
your skills, accomplishments, and experience. However, if you
choose to include a cover letter introducing us to your awesome
personality, we will read that too.

We strongly believe that different backgrounds and ideas are a
competitive advantage; we hire candidates of any race, color,
ancestry, religion, sex, national origin, sexual orientation, gender
identity, age, marital or family status, disability, Veteran status,
and any other status. Zwift is proud to be an Equal Opportunity
Employer. If you have a disability or special need that requires
accommodation, please let us know by emailing careers@zwift.com.
Zwift, Inc. is an Equal Opportunity Employer.

Transparency in Coverage: Health plan price transparency is designed
to help consumers know the cost of covered items or
healthcare-related services prior to the date upon which they
receive care. Transparency in Coverage (TIC) regulations require
health insurers and group health plans to create machine-readable
files (MRFs) that contain the negotiated rates for in-network
providers and allowed amounts derived from historical claims for
out-of-network providers and make those files publicly available.

Here is the link to the site on which Kaiser Permanente posts its
in-network and out-of-network allowed amount machine-readable files
(MRFs). Here is the link to the site on which Anthem posts its
in-network and out-of-network allowed amount machine-readable files
(MRFs). The link will allow you to search for your files using your
Employer Identification Number (81-2798595).